Capsule Security, a Tel Aviv-based cybersecurity startup, launched from stealth on April 15 with a $7 million seed round led by Lama Partners alongside Forgepoint Capital International. The company’s product is a runtime trust layer for AI agents: it monitors and controls agent behavior in production, enforcing governance policies to prevent manipulation, prompt injection, and unauthorized data exfiltration.
“We secure the most unpredictable component in the AI stack at runtime,” CEO Naor Paz told VentureBeat.
Runtime, Not Pre-Deployment
Capsule occupies a specific layer in the emerging AI agent security stack. Pre-deployment tools audit agent credentials and permissions before they go live. Network-layer solutions govern which external services agents can reach. Capsule sits after both: it watches what agents actually do once they are running in production and intervenes when behavior deviates from policy.
According to Security Boulevard, the platform enables cybersecurity teams to “enforce controls and governance policies across multiple types of AI agents running in a production environment.” The distinction matters because a correctly authenticated, properly networked agent can still be manipulated, through the prompts or data it processes, into acting outside its intended scope.
The Investor Thesis
Forgepoint Capital International is a cyber-specialist VC, not a generalist fund. Its participation signals that the investor community with deep enterprise security expertise views runtime agent governance as a fundable category, not a feature that existing security tools will absorb.
Calcalist Tech and Help Net Security both confirmed the $7M round and April 15 launch date. SiliconANGLE noted that Capsule’s approach covers multiple agent types, not just a single framework or vendor’s agents.
Three Bets in 24 Hours
Capsule’s launch coincides with two other commercial moves in AI agent security within the same 24-hour window. Cisco is in advanced talks to acquire Astrix Security for $250-350M, targeting agent identity and non-human identity governance. KnowBe4 shipped Agent Risk Manager, extending its human risk management platform to cover autonomous AI agent behavior. Each addresses a different failure mode: Astrix governs who agents are allowed to be, Capsule governs what agents do at runtime, and KnowBe4 governs how agents interact with human-defined workflows.
The Gap Capsule Fills
Sandboxing and network isolation prevent agents from reaching systems they shouldn’t touch. Permission auditing catches overprivileged credentials before they’re exploited. But none of these controls stops an agent with valid credentials and proper network access from being manipulated, through a crafted prompt, into exfiltrating data over an authorized channel. That’s the runtime problem, and it’s the problem that grows proportionally with the number of agents an enterprise deploys.
For teams shipping AI agents to production, Capsule represents a product category to track: runtime behavioral enforcement as a standalone security layer, separate from the authentication, networking, and permission tools already in the stack.